Spring Boot Actuator Sensitive Endpoint Probe for 2022-04-24
Apr 24, 2022
WebExploit
Last Updated: 12:00 UTC
Spring Boot Actuator exposes management endpoints over HTTP. heapdump returns a full JVM heap snapshot containing in-memory secrets. env returns all environment variables. gateway/routes is the RCE precursor for CVE-2022-22947 (Spring Cloud Gateway SpEL injection).
CVE References
CVE-2022-22947
MITRE ATT&CK
Tactic: Discovery (TA0007)
Technique: T1046 — Network Service Scanning
Observed URIs
/actuator/env
/actuator/gateway/routes
Attackers by Country
IP Address : ASN : Country
- 208.21.208.2 : AS1239 sprint : United States of America
- 45.155.204.146 : AS49505 ooo network of data-centers selectel : Germany